Trouble logging in?If you can't remember your password or are having trouble logging in, you will have to reset your password. If you have trouble resetting your password (for example, if you lost access to the original email address), please do not start posting with a new account, as this is against the forum rules. If you create a temporary account, please contact us right away via Forum Support, and send us any information you can about your original account, such as the account name and any email address that may have been associated with it.

To be fair, you wouldn't need to buy much silence, the technology behind most gaming consoles tends to be a rather closely held secret. It's not until the console has been out for a few days / someone has bought one / ripped it apart and published the details on a website.

For a zero-day release where 10k player's were trapped in-game a few hours after it went live? You wouldn't need too much secrecy.

In short, there's no good reason why they would allow people being kept hostages by Kabaya and not pull off their helmets immediately. Even if there was some sort of penalty for the remaining players, once you started taking the helmets off (which isn't there, as it was never mentioned). You'd just need enough people, 10,000 at most, to pull off all helmets simultaneously in one synchronized move.

There's a very good reason why they didn't try and pull off the helmets. Those 213 dead people that Kabaya mentioned at the start were people whose family members ignored the warning and attempted to free them. Obviously that would include "free them by removing their helmets". When you've already had scores of people killed by attempts to remove the helmets, you do not start experimenting to see if you just pull a little faster if it can be removed safely.

The console had been released earlier, it just didn't have any good games for it. SAO was supposed to be the killer app.

Excellent point from ep1.

Quote:

Originally Posted by Krono

There's a very good reason why they didn't try and pull off the helmets. Those 213 dead people that Kabaya mentioned at the start were people whose family members ignored the warning and attempted to free them. Obviously that would include "free them by removing their helmets".

It's also possible some of the 2k people 'killed' in the first month were failed government attempts. But again, it's the setting, there very little wiggle room to it.

What safety controls? Do you know of any country that has safety controlls for entertainment consoles? Exactly what kind of products do you think actually require coverment approval before release? There are actually some, but it's very limited and that is medical machinery for use at hospitals. Household appliances are not checked if they could fry someones brain if missused.

That thing sends microwaves directly to your brain. It was public knowledge, even before the death game came into play. It's how it does its work. You'd think there'd be controls for that...

It's also possible some of the 2k people 'killed' in the first month were failed government attempts. But again, it's the setting, there very little wiggle room to it.

True, it's possible some of those deaths were due to quiet government attempts at tampering.

As for the rest, yeah there's very little wiggle room due to the setting. The problem is, we keep getting people complaining that there should be more wiggle due to reasons x,y,z and putting down the author, when reasons x,y,z are things that either will kill large numbers of people, assume Kayaba is an idiot or bluffing, the set up would be easy to hack, etc.

For example, I've seen people going on about how easy it should be to hack the server itself. Let's take a moment to think the set up through. We are Kayaba, creator of the technology, and lead designer and programmer of SAO. We have full administrative access and rights to the servers, full authority to send out patches, etc. And we want to screw people over and lock thousands of people into a death game.

To that end, we have to prevent tampering with the servers.

When we pull the trigger on the whole thing, there are a number of things that would happen to lock things down. First, all users other than us have all rights to the servers revoked. You were an admin? Congratulations, you not only no longer have admin rights, your account doesn't even exist anymore. Security permissions for all files and folders are reset so that only we have access. All remaining passwords are changed to something that hasn't been used before. Services not required for SAO are shut down and firewalled. The bios are all flashed with an image that removes all but the hard drive from the boot order, and is protected with a different password. Just for good measure, he takes over the company router the same way. MAC address (for those not familiar, it's the hardware address/id burned into your network card) filtering is enabled, the list for it pulled from the players within the game. Within the SAO server software, all persons with moderator or administrative rights have their rights reset to that of a common player, are kicked from the game, or both. Log out is removed from common player menu options, the MAC addresses of all current player connections are stored, and the game refuses all connections from hardware not on the list.

The servers are now no longer under Argus company control. They can not log in to them, access files on them over the network, can't even reboot without pulling the power cord. Not that rebooting will do them any good as they can't get into the bios, so the servers just reboot from the hard disk, and start up all the services, without them ever being allowed to intervene. They've essentially been locked out of their own system. Normally recovery from such an attack would have them shutting off the power, opening up the servers to reset the bios, then once they can boot to something other than the hard drive, re-image the servers from the last back up, and resetting or replacing the router.

Unfortunately, that's not an option in this case. Shutting down and wiping the servers will kill everyone that's trapped. They can try shutting down and compromising just one of the servers, then reconnecting it. We're smart though, so at the bare minimum, we've got the SAO software doing the same sort of file checking that Blizzard does for it's games. More likely, we're checking everything to see if it's been tampered with, and if anything's changed, it gets kicked. Permanently kicked if we're being particularly safe. So they're basically left with trying to brute force passwords as far as simple methods go. That can take a long time, and we've made sure they don't even know what user name they'd be needing to try, nor are we allowing them infinite attempts without.

So they're left with trying to find new security exploits in the operating system, or in SAO, that would let them back in, modify files, with an ultimate goal of sending a valid log out command to all players. That takes time. They don't know what changes we made with SAO. Sure they could theoretically safely sacrifice a server to get copy of the updated server, compare it to what it should be, and decompile and start analyzing anything that's changed. Easier said than done, and while it may let you know what he did, it will not necessarily let you through to change it.

Remember, we/Kayaba have/has the luxury that most people attempt to secure a system don't. There are only about 10,000 machines in the world we wish to communicate with, and all of them are connected to us at the start, giving us the hardware address for them. So we can just drop all network packets originating from anything that isn't a known machine to us. So virtually all attack attempts would need to be done using MAC address spoofing, and/or man in the middle attacks. Screw up with those, and someone is disconnected too long, and killed. And the sort of hacking they'd need to do would require a lot of trial an error, and errors are likely to be killing people.

So over all, it'd be a royal pain to do. Virtually every attempt made on it would be risking someone's life. Odds are good the only service you'd have access to would be SAO, and you'd effectively be poking around trying to find a root access exploit without tipping off the server that you're poking around. Worse case scenario, one of your attempts irrecoverably corrupts a database, crashes the service, and everyone dies. Far from quick, or easy, and difficult to get authorization to risk the lives of innocent people by effectively hijacking their connection.

True, it's possible some of those deaths were due to quiet government attempts at tampering.

As for the rest, yeah there's very little wiggle room due to the setting. The problem is, we keep getting people complaining that there should be more wiggle due to reasons x,y,z and putting down the author, when reasons x,y,z are things that either will kill large numbers of people, assume Kayaba is an idiot or bluffing, the set up would be easy to hack, etc.

For example, I've seen people going on about how easy it should be to hack the server itself. Let's take a moment to think the set up through. We are Kayaba, creator of the technology, and lead designer and programmer of SAO. We have full administrative access and rights to the servers, full authority to send out patches, etc. And we want to screw people over and lock thousands of people into a death game.

To that end, we have to prevent tampering with the servers.

When we pull the trigger on the whole thing, there are a number of things that would happen to lock things down. First, all users other than us have all rights to the servers revoked. You were an admin? Congratulations, you not only no longer have admin rights, your account doesn't even exist anymore. Security permissions for all files and folders are reset so that only we have access. All remaining passwords are changed to something that hasn't been used before. Services not required for SAO are shut down and firewalled. The bios are all flashed with an image that removes all but the hard drive from the boot order, and is protected with a different password. Just for good measure, he takes over the company router the same way. MAC address (for those not familiar, it's the hardware address/id burned into your network card) filtering is enabled, the list for it pulled from the players within the game. Within the SAO server software, all persons with moderator or administrative rights have their rights reset to that of a common player, are kicked from the game, or both. Log out is removed from common player menu options, the MAC addresses of all current player connections are stored, and the game refuses all connections from hardware not on the list.

The servers are now no longer under Argus company control. They can not log in to them, access files on them over the network, can't even reboot without pulling the power cord. Not that rebooting will do them any good as they can't get into the bios, so the servers just reboot from the hard disk, and start up all the services, without them ever being allowed to intervene. They've essentially been locked out of their own system. Normally recovery from such an attack would have them shutting off the power, opening up the servers to reset the bios, then once they can boot to something other than the hard drive, re-image the servers from the last back up, and resetting or replacing the router.

Unfortunately, that's not an option in this case. Shutting down and wiping the servers will kill everyone that's trapped. They can try shutting down and compromising just one of the servers, then reconnecting it. We're smart though, so at the bare minimum, we've got the SAO software doing the same sort of file checking that Blizzard does for it's games. More likely, we're checking everything to see if it's been tampered with, and if anything's changed, it gets kicked. Permanently kicked if we're being particularly safe. So they're basically left with trying to brute force passwords as far as simple methods go. That can take a long time, and we've made sure they don't even know what user name they'd be needing to try, nor are we allowing them infinite attempts without.

So they're left with trying to find new security exploits in the operating system, or in SAO, that would let them back in, modify files, with an ultimate goal of sending a valid log out command to all players. That takes time. They don't know what changes we made with SAO. Sure they could theoretically safely sacrifice a server to get copy of the updated server, compare it to what it should be, and decompile and start analyzing anything that's changed. Easier said than done, and while it may let you know what he did, it will not necessarily let you through to change it.

Agreed, but one of the things I'd do in Kayaba's shoes would be to kill people if they start disconnecting some of the servers. Why let them study it? Either that or keep only one server and wipe the rest. Sounds risky, but what do I care? I'm a madman who took 10000 people hostage.

Another would be to homebrew a protocol to connect to the server (just to fuck with the hackers). Based around whichever certificate technology's the strongest at the time. And of course, change the certificates regularly. Sounds like a pain, but again, what do I care?

What safety controls? Do you know of any country that has safety controlls for entertainment consoles?

Right now, there are no entertainment consoles that can fry your brain with microwave emitters. There are still safety controls though, resulting in stuff like those epilepsy warnings: "Playing too long can cause seizures in photosensitive people" and stuff like that.

Quote:

Originally Posted by lightbringer

Before even considering whether a helmet could fry your brain or not, there's the question of how such a helmet would be manufactured in secret with no one leaking its lethal capabilities and no health inspection or regulatory safety testing done on the device. From the specs alone (battery size, microwave, whatever) it would seem pretty shady. Even considering that governments are normally far behind the tech wave, I believe the device would fail on regulatory and manufacturing grounds rather than due to the technical aspect of it.

That's the point exactly. *Every* electronical device has to pass stringent safety checks to make sure it doesn't present a hazard when it's used. If it should become known that it has microwave emitters that could be possibly lethal, it would never get approval by the regulation office and thus couldn't get into production in the first place.

Regulation and licensure in engineering is established by various jurisdictions of the world to protect the safety, well-being and other interests of the general public, and to define the licensure process through which an engineer becomes authorized to provide professional services to the public.

Quote:

Originally Posted by lightbringer

Although the aspect of "a microwave powerful enough to instantly fry your brain but small enough to comfortably fit into a helmet" is certainly highly questionable as well even if we factor in technological advances.

Yes, *highly* questionable indeed.

Quote:

Originally Posted by lightbringer

Obviously in the SAO world we suspend our disbelief since it's basically a plot device needed for the setting of "people trapped in an MMO death game"

Quite a lot suspension of disbelief neccessary there. The author really should've better thought things through. Quite possibly the reason why they're trapped was only tacked on later in the author's development as an afterthought, which is why it's totally far-fetched and doesn't really make sense.

Quote:

Originally Posted by lightbringer

I guess this is not the thread to mention that particular aspect of it.

That's the point exactly. *Every* electronical device has to pass stringent safety checks to make sure it doesn't present a hazard when it's used. If it should become known that it has microwave emitters that could be possibly lethal, it would never get approval by the regulation office and thus couldn't get into production in the first place.

Did you actually read the page you linked? All it says is that you need a licensed engineer to sign off on the design. Kayaba himself would qualify for this even. That he would have to sign a document hardly qualifies as a plot hole.

Quite a lot suspension of disbelief neccessary there. The author really should've better thought things through. Quite possibly the reason why they're trapped was only tacked on later in the author's development as an afterthought, which is why it's totally far-fetched and doesn't really make sense.

Here's a funny notion... We've spent exactly zero seconds in the real world of the SAO universe since Kirito turned the game on. For the sake of THIS THREAD... why are you trying to argue a point that cannot be answered without outside knowledge in a thread that doesn't allow outside knowledge?

You can argue until you're blue in the face that the author is an idiot, and the anime is lame, but since the anime has not addressed any of your complaints you're not going to get ANY traction. It is the setting, and the anime has ignored your complaints from the opening minutes of the show. Case closed, no?

Again, we have the basic setting that says that 10,000 people are trapped. People are very welcome to argue their interpretation, and you can argue yours. But you're complaining that the author or the anime makers are dumb because they haven't addressed your point. It's a little... off. Whether it's logical or not, they haven't addressed it yet so no one knows yet.

Quote:

Originally Posted by Clarste

So I guess you're saying that the safest system is the one that no one need to access, ever.

He makes an excellent point though. You allow exactly 10k people to connect. You ID those people by whatever method you wish (hardware ID most likely). You allow those exact ID's to connect until they die. And once they die you never allow them to connect again. A home-based router that you can buy at a knock-off electronics store can limit connections to certain hardware ID's, and no one else.The government can begin tampering by killing someone and trying to take over that connection.

Agreed, but one of the things I'd do in Kayaba's shoes would be to kill people if they start disconnecting some of the servers. Why let them study it? Either that or keep only one server and wipe the rest. Sounds risky, but what do I care? I'm a madman who took 10000 people hostage.

True, that's an entirely viable possible step to take. It depends a bit on the minimum hardware required to keep everything running properly, and how willing we are to risk killing people for a hardware failure. We want the people we trapped playing the game. We'd rather not lose a significant percentage of them because a server had a faulty motherboard, or was plugged into a faulty surge protector.

Quote:

Another would be to homebrew a protocol to connect to the server (just to fuck with the hackers). Based around whichever certificate technology's the strongest at the time. And of course, change the certificates regularly. Sounds like a pain, but again, what do I care?

A certificate protocol I assume you mean? Because you pretty much aren't going to be able to get away from TCP/IP as your connection protocol.

Quote:

Originally Posted by Shimapan

That's the point exactly. *Every* electronical device has to pass stringent safety checks to make sure it doesn't present a hazard when it's used. If it should become known that it has microwave emitters that could be possibly lethal, it would never get approval by the regulation office and thus couldn't get into production in the first place.

At a glance, that article entirely concerns itself entirely with the regulations and licensing requirements for calling yourself an engineer. It says nothing about the process of certifying that a new electronic device meets government safety standard, which is what we're interested in.

Quote:

Originally Posted by Clarste

So I guess you're saying that the safest system is the one that no one need to access, ever.

More or less. Security holes being found and exploited largely arise from the need to talk to a variety of other machines for various services. When you only want to talk to a very limited number of machines that you know at a level hardwired into them, for just one or two services, it gets significantly harder to compromise you because attackers have to impersonate a machine you'll actually talk to. When you say you'll kill anyone that stops talking to you, the willingness to risk shoving one of those machines out of the way to impersonate them falls significantly.

The bottom line is that while Kayaba can't make the servers unhackable, he can make it difficult and dangerous enough to severely limit what most sane people are willing to do.

Before even considering whether a helmet could fry your brain or not, there's the question of how such a helmet would be manufactured in secret with no one leaking its lethal capabilities and no health inspection or regulatory safety testing done on the device. From the specs alone (battery size, microwave, whatever) it would seem pretty shady. Even considering that governments are normally far behind the tech wave, I believe the device would fail on regulatory and manufacturing grounds rather than due to the technical aspect of it.

Although the aspect of "a microwave powerful enough to instantly fry your brain but small enough to comfortably fit into a helmet" is certainly highly questionable as well even if we factor in technological advances.

Obviously in the SAO world we suspend our disbelief since it's basically a plot device needed for the setting of "people trapped in an MMO death game" but I guess this is not the thread to mention that particular aspect of it.

I wrote this on another blog. But basically yes there are norms that govern the standards on devices, but that doesn't mean that they won't kill you if you misuse them, tamper with them or exploit them. As for the link to the regulations, the normal use and misuse/exploit are two different subjects.

Basically if the NervGear can kill or not isn't the question. The question is if someone is willing to exploit it to kill. Any hardware in real life can kill if purposed for, from your simple pencil to airplanes.

Also you need to take into account that almost all manufactured goods are produced with higher margins/thresholds of durability so they can perform for years or extended periods without failure.

So, let's take for example a CRT television/monitor. It's harmless with everyday use but all the capacitors and other stuff inside of it holds enough electric charge to kill you even after turned off. That's why it has stickers warning you not to open and only let qualified technicians repair it. Don't mention your own kitchen appliances like microwaves and other stuff.

As for durability and perfomance. Take for example your basic computer processor rated at 2-3GHz. Most of them come from the same silicon waffer but the speed ratings are basically limiters/multipliers/clock rates imposed on the chips in the factory. That's why you can overclock your processor to 6 Ghz or even 9 Ghz, how long it last before it fries depends on the cooling of course.

Same with another day to day machine. A car with an average 200 HP at 6000RPM. How many people tap the full potential of such engine? most people won't use more than 30% of that power and won't rev it beyond 3500RPMs. But a racedriver on a race track might, but also the engine and car components would need more frequent maintenance since it degrades them faster. Also the tires on a day to day basis last upwards of 50,000 miles, but take them to a race or drifting and they won't last more than a few laps totalling a few dozen miles.

There are a lot stuff on your daily life that looks harmless but can kill you. Even your little 9V battery powers stun guns and tasers (the later had cases of killing people too). A lot of today's devices like in the case of processors are restricted within their operation limits via software, whose to say Kayaba the very inventor of the NervGear can't update/change the firmware?

Also my 2 cents take on the frying your brain. You don't need to fry the whole brain to kill someone. Have you ever heard of a stroke? Just a little damage on a critical part of your brain might lead to you ending up paralyzed, a vegetable, coma or death. That little damage can come from an hemorrhage, aneurysm, a tumor, et al. The brain is a very delicate organ and it doesn't take a lot to damage it, just something targeted is enough. In the case of SAO, the NerveGear and Kayaba's plan, it kills by frying your brain with microwaves. Today we can use elemagnetic pulses on the brain to momentarily change the personality and decision ability of people, even jam the motor control of the body. So being more devious, since the device already intercepts/redirects your brain signals you can do other stuff to kill like making your body release all it's adrenaline and sending your heart into a tachycardia which might end up in a heart attack.

A certificate protocol I assume you mean? Because you pretty much aren't going to be able to get away from TCP/IP as your connection protocol.

I mean I'd replace ssh, or whatever they use in the distant future of... 2023?

Quote:

Originally Posted by Krono

More or less. Security holes being found and exploited largely arise from the need to talk to a variety of other machines for various services. When you only want to talk to a very limited number of machines that you know at a level hardwired into them, for just one or two services, it gets significantly harder to compromise you because attackers have to impersonate a machine you'll actually talk to.

Yes. Add to that that the more... esoteric exploits, like buffer overflow, require intimate knowledge of the hardware and software. They can take the hardware apart as much as they can, but Kayaba's probably taken steps to hide the changes he made to the software.

Quote:

Originally Posted by Clarste

So I guess you're saying that the safest system is the one that no one need to access, ever.

There's one thing I don't get much in regards to how the primitive NervGear sends signals...

(1) How do microwave signals send / intercept nerve signals to the brain?
(2) Do you think future consoles (especially something that involves headgear) should include this dangerous technology?

Actually we are in the early stages of that.

We can't intercept them but we can scan our brains and it's activity with MRI and CAT scans. Today those machines are room sized, but development in this field is continuing. Remember that 30-40 years ago computers were the size of a room and had no more processing power than your scientific calculator. From some documentary or article I read recently, some scientist were able to see what a patient could see from just translating his brain activity. They started by having the subjects looking at a card with a letter, then they scanned the visual cortex of the brain to see what kind of activity and pattern it made. After a while the computer by just looking at the brain activity it would interpret this signals and show a lowres image of what letter the subject was seeing directly from the brain.

As for inputting signals in the brain they already can do some crude stuff. They use a mesh/net on your head or a wand that sends electromagnetic pulses into the brain. This focused pulses affect the targeted region of the brain. For example while receiving this pulses it could change your personality or decision making momentarily like making you more altruistic or choosing answers that you couldn't normally chose. Also targeting other regions it affects your motor control, like making you shake a limb, unable to move it, disable your fine motor control or even disabling the limiters that prevent you from exerting so much force that it damages your muscles.

I think the most difficult part would be the "interception" which prevents your real body from moving while wearing the helmet. It's hard to imagine how they could manage that without a more invasive machine.